ZoneAlarm's top screen quickly summarizes recent intrusion attempts.
There are no major interface changes in 4.5; it sports the same glossy, simple-enough-for-everyone look and feel as the last edition. The design looks an awful lot like Windows XP, with navigational tabs at the left that display detailed settings when you click them. You can even minimize the entire window to show only the Stop and Lock buttons, which disable protection and prevent any Net connection, respectively. Overall, we love this look.
ZoneAlarm Pro 4.5 configures itself to work with your default Internet browser during installation. The program stops any desktop program that tries to access the Internet, then displays an alert that asks if you want to authorize the connection. Click Yes the first time, and you're set thereafter.
New to version 4.5 are expert-level rules that define specific access and activity privileges for programs that need Internet access. These rules, which didn't exist in previous editions and may be reason enough to upgrade to version 4.5, are similar to those in Norton Personal Firewall 2004, although they are more difficult to configure. Unfortunately, they still don't let you build rules that limit program access to specific ports or Internet protocols. Nor do we like the cumbersome process that requires you to choose options from pop-up lists while juggling multiple windows.
After an attack, you can track the hacker back to the lair.
ZoneAlarm has also added a new reporting tool. Previously, the Hacker ID function only tracked down the location (both the IP address and the geographic locale) of any intruders onto your system. (Don't worry; ZoneAlarm automatically masks your address as it traces any suspected hackers.) However, the new reporting tool allows Zone Labs to periodically collect these trace-back reports and pass them on to the offender's ISP. Cool.
Other enhancements include a cache cleaner to wipe space-hogging temporary Internet files, browser histories, and cookies from your machine, plus an improved mail monitor that watches outbound mail for evidence of mass-mailing worm activity. (Previous versions already monitored inbound mail.) The latter isn't an antivirus protector--ZoneAlarm is still missing that important part of PC security strategy--but it will shut down your e-mail client if a virus or a worm tries to mass-mail copies of itself. For a complete security package, including antivirus protection, you should consider Norton Internet Security or McAfee Internet Security instead.
We ran ZoneAlarm Pro 4.5 against Steve Gibson's ShieldsUp port tester. In stealth mode, our PC was invisible to the world, which is good. If hackers can't see your computer on the Internet, they can't get inside.
To test ZoneAlarm Pro 4.5's firewall, we began with IP Agent, a free utility provided by ShieldsUp that determines the test machine's current IP address, then contacts the ShieldsUp Web site to begin testing.
Next, the Port Probe utility from ShieldsUp tested our system's defense against Internet port scanners. The test originates from the ShieldsUp server and attempts to establish standard TCP/IP (Internet) connections on a handful of commonly exploited Internet service ports on the test computer.
Using ShieldsUp, each port gives one of the three following results:
Stealth: This result means that the probe was not able to find this particular port on your computer. This is the most secure result.
Closed: This shows that the probe was able to detect this particular port on your computer but that the connection was refused.
Open: This result means that the port is actively advertising its presence on the Internet. Port scanners will have no trouble finding it.
More information on these tests and what the results mean can be found at ShieldsUp.
More information about how we test firewalls can be found at CNET Labs. Zone Labs still doesn't get it: phone support is a must-have. If you have a problem with ZoneAlarm Pro, you won't be able to call the company. Instead, you can browse a brief online FAQ, send an e-mail message, or rely on the kindness of strangers who host the forums accessed through Zone Labs' Web site. And the online help, which includes some of the program's well-known problems, is skimpy.
You'll find ZoneAlarm's best tech support in its message forum.
We don't like the e-mail form, either. For a prompt response, you have to type in your 20-letter product key code first, and even then, Zone Labs promises to respond in three to four business days. That's just not fast enough if you're sweating something as important as your firewall. Our advice: Try the forums.